Description:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: thunderbird: Privilege escalation in Firefox Updater (CVE-2025-2817)
* firefox: thunderbird: Unsafe attribute access during XPath parsing (CVE-2025-4087)
* firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames (CVE-2025-4083)
* firefox: thunderbird: Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10 (CVE-2025-4091)
* firefox: thunderbird: Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird 128.10 (CVE-2025-4093)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
firefox-x11-128.10.0-1.el9_6.alma.1.aarch64.rpm |
89fc838be7d235924b705509784473f110e56f4054ed72b2e69f00974c3ff168 |
| aarch64 |
firefox-128.10.0-1.el9_6.alma.1.aarch64.rpm |
bf508658f3a66686963ef257c8e4368f9d5144f6478f52fdf7f3cf82f6344a11 |
| ppc64le |
firefox-x11-128.10.0-1.el9_6.alma.1.ppc64le.rpm |
924f72bf4da811034db4866289bf9506a967801b712ba3df59206625776c9428 |
| ppc64le |
firefox-128.10.0-1.el9_6.alma.1.ppc64le.rpm |
bbd89c9dd1ce2d46f661fdfa83fdd7946589733b475036fd836e0c77462db7e6 |
| s390x |
firefox-128.10.0-1.el9_6.alma.1.s390x.rpm |
5f4d7d4f5cee5ea9fe4ea404e28672d99a7537ab2e2e9747c9f49cf8662bb61c |
| s390x |
firefox-x11-128.10.0-1.el9_6.alma.1.s390x.rpm |
bf73e4c87ab1d1e537766026e7d3270ecd2f07cf1ed9ff7f19b672b08f4e391c |
| x86_64 |
firefox-x11-128.10.0-1.el9_6.alma.1.x86_64.rpm |
ccc9ca9bbe70fdffd74a1682aa6ec58f6fb2a1d581b89871e1040a66226c4b39 |
| x86_64 |
firefox-128.10.0-1.el9_6.alma.1.x86_64.rpm |
d724b876aca92c4aba3e4a7b070b2adf5be6bb7fa7a3d41879b0164f0397491d |
